Thursday, August 9, 2007
Title: Writing Secure Applications
Presented By: Jay Meyer, Harpoon Technologies Inc.
About the Presentation:

Security topics in the internet age remain esoteric and the domain of experts. Firewalls and Intrusion Prevention Systems are only parts of the complete security picture. Application security is an essential piece of the security puzzle, and without it, the sensitive application is still in jeopardy, even with the strongest network and OS security. Yet many developers lack the knowledge needed to protect their sensitive data using secure application development techniques.

The presentation will focus on tools and techniques that developers can use to write a secure application from scratch, or to test an already-installed application. Attacks such as SQL injection, cross-site scripting, dictionary attacks, and role elevation will be discussed, as well as phishing and social engineering attacks. These attacks can be foiled using testing tools, Java Cryptography (JCE), and secure design techniques. Tools and code samples will demonstrate these techniques so that you may apply them to your applications. We'll also look at risk assessment, impact analysis, and the bigger picture of security or SOx audits, in case your system is audited.

About the Presenters:

Jay Meyer is a software engineer specializing in enterprise Java. Jay was a professional security analyst for a Fortune 500 company specializing in application security for enterprise and internet-facing web applications. He is a Certified JBoss Developer, has been developing in Java since 1999, and has developed .NET applications since 2003. Jay is a partner at Harpoon Technologies (http://www.harpoontech.com), a Red Hat / JBoss Certified partner company.

 
Presentation Materials: pdf format, OpenOffice.org format

Send comments to javasigsc at ociweb dot com